The CSF is a framework of voluntary guidance that helps organizations better understand cybersecurity risks such as threats and vulnerabilities, how such risks could affect their operations, and how to communicate relevant information among internal and external stakeholders.